8 matches found

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-24554

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 6.6 | EPSS 0.00545
Exploits 0 | References 2

CVE
added 2025/09/22 8:26 p.m. | 15 views

CVE-2025-59532

CVE-2025-59532 affects OpenAI Codex CLI (v0.2.0–0.38.0). A sandbox configuration bug caused the model-generated cwd to be treated as the sandbox’s writable root, enabling arbitrary file writes and command execution outside the user’s session workspace. The issue did not impact the network-disable...

CVSS 8.6 | AI score 6.9 | EPSS 0.00092
Exploits 1 | References 3

Github Security Blog
added 2025/09/19 5:14 p.m. | 7 views

Codex has sandbox bypass due to bug in path configuration logic

Due to a bug in the sandbox configuration logic, Codex CLI could treat a model-generated cwd as the sandbox’s writable root, including paths outside of the folder where the user started their session. This logic bypassed the intended workspace boundary and enables arbitrary file writes and comman...

CVSS 8.6 | AI score 7.4 | EPSS 0.00092
Exploits 1 | References 5 | Affected Software 1

Positive Technologies
added 2025/09/19 12:0 a.m. | 1 view

PT-2025-39079

Name of the Vulnerable Software and Affected Versions: Codex CLI versions 0.2.0 through 0.38.0; Codex IDE extension versions prior to 0.4.12.

Description: Codex CLI, a coding agent from OpenAI, had a flaw in its sandbox configuration logic. This allowed the software to incorrectly identify the writab...

CVSS 8.6 | AI score 5.6 | EPSS 0.00092
Exploits 1 | References 15

RedhatCVE
added 2025/08/15 9:28 a.m. | 4 views

CVE-2025-55345

Using Codex CLI in workspace-write mode inside a malicious context repo, directory, etc could lead to arbitrary file overwrite and potentially remote code execution due to symlinks being followed outside the allowed current working directory...

CVSS 8.8 | AI score 8.2 | EPSS 0.00545
Exploits 0 | References 1

NVD
added 2025/08/13 9:15 a.m. | 2 views

CVE-2025-55345

Using Codex CLI in workspace-write mode inside a malicious context repo, directory, etc could lead to arbitrary file overwrite and potentially remote code execution due to symlinks being followed outside the allowed current working directory...

CVSS 8.8 | EPSS 0.00545
Exploits 0 | References 2

Vulnrichment
added 2025/08/13 8:55 a.m. | 3 views

CVE-2025-55345 Unsafe symlink following in restricted workspace-write sandbox leads to RCE

Using Codex CLI in workspace-write mode inside a malicious context repo, directory, etc could lead to arbitrary file overwrite and potentially remote code execution due to symlinks being followed outside the allowed current working directory...

CVSS 8.8 | AI score 8.1 | EPSS 0.00545
Exploits 0 | References 2

Cvelist
added 2025/08/13 8:55 a.m. | 8 views

CVE-2025-55345 Unsafe symlink following in restricted workspace-write sandbox leads to RCE

Using Codex CLI in workspace-write mode inside a malicious context repo, directory, etc could lead to arbitrary file overwrite and potentially remote code execution due to symlinks being followed outside the allowed current working directory...

CVSS 8.8 | EPSS 0.00545
Exploits 0 | References 2